fix(updates+fix): fix resolved

[johnae]

No description provided.

[claude]

Claude finished @johnae's task —— View job

---

Code Review for PR #1675

Review Checklist

• Read and analyze changed files
• Review code quality and best practices
• Check for potential bugs or issues
• Assess performance considerations
• Evaluate security concerns
• Consider test coverage implications

---

Summary

This PR updates the systemd-resolved configuration in two NixOS configurations (cygnus.nix and neptune.nix) by migrating from the deprecated extraConfig format to the structured settings attribute set.

Changes Reviewed

1. systemd-resolved Configuration Migration

Both configurations/nixos/x86_64-linux/cygnus.nix:53-56 and configurations/nixos/x86_64-linux/neptune.nix:58-60 replace:

extraConfig = ''
  DNSSEC=no
  DNSOverTLS=no
  Cache=no-negative
'';

With the structured format:

settings.Resolve.DNSSEC = false;
settings.Resolve.DNSOverTLS = false;
settings.Resolve.Cache = "no-negative";

Review Feedback

✅ Code Quality and Best Practices

• Good: Migration to the structured settings attribute follows NixOS best practices
• Good: Type-safe configuration (boolean values instead of strings)
• Good: Better IDE support and validation with structured attributes
• Good: Consistent changes applied to both configurations

✅ No Bugs or Issues Detected

• The configuration migration is semantically equivalent
• Boolean values (false) correctly replace string values ("no")
• The Cache setting properly retains its string value format

✅ Performance Considerations

• No performance impact - these are configuration-only changes
• The DNS cache behavior remains unchanged (negative response caching disabled)

✅ Security Considerations

• Note: DNSSEC is disabled, which reduces DNS security but is documented as intentional for Tailscale DNS compatibility
• DNSOverTLS is disabled, meaning DNS queries are not encrypted
• These settings appear to be deliberate choices based on the comments about Tailscale DNS requirements
• No new security vulnerabilities introduced by this change

⚠️ Test Coverage

• No tests included in this PR
• Consider testing the systemd-resolved configuration after deployment to ensure:
  • DNS resolution still works correctly
  • Tailscale DNS integration functions as expected
  • Fallback DNS servers are reachable

Recommendations

1. Documentation: The PR lacks a description. Consider adding context about why this migration was necessary (e.g., deprecation warnings, NixOS version upgrade requirements)

2. Testing: After deployment, verify:

   systemctl status systemd-resolved
   resolvectl status

3. Future Consideration: The flake.lock shows no changes between commits despite being listed as modified. This might be a rebase artifact or formatting change.

Conclusion

The changes are clean, follow NixOS best practices, and maintain functional equivalence while improving code quality. The migration from extraConfig to structured settings is the recommended approach in modern NixOS configurations.

Approved ✅ - Safe to merge after considering the testing recommendations above.